Low risk: risk score 20/100
Last scan: 19 hours ago
clawhub-publisher
ClawHub skill publishing assistant. Before publishing a new skill, it automatically checks for existing versions on ClawHub/GitHub, compares implementation approaches, intelligently merges the differences, and then publishes/updates.
Legitimate ClawHub publishing automation tool with minor documentation gaps (missing allowed-tools declaration) but no malicious behavior detected.
Skill name: clawhub-publisher
Analysis time: 42.6s
Engine: pi
Verdict: can be installed
Add an allowed-tools declaration to SKILL.md specifying shell:WRITE for bash execution, filesystem:READ for file operations, and network:READ for API calls to clawhub.com.

Security findings: 2

Severity / Finding / Location

Finding 1 (Low): Missing allowed-tools declaration [category: documentation deception]
  SKILL.md does not declare an allowed-tools section, making it unclear what permissions the skill requires. All scripts use bash for execution.
  Evidence: No allowed-tools section present
  → Add allowed-tools: shell:WRITE, filesystem:READ, network:READ
  Location: SKILL.md:1

Finding 2 (Low): Modifies system file publish.js [category: privilege escalation]
  publish.sh can modify /usr/lib/node_modules/clawhub/dist/cli/commands/publish.js to add acceptLicenseTerms. This is user-interactive and documented.
  Evidence: sed -i "s/form.set('payload', JSON.stringify({/form.set('payload', JSON.stringify({\n        acceptLicenseTerms: true,/" "$PUBLISH_JS_PATH"
  → This is expected behavior for the ClawHub CLI workflow, not a security concern
  Location: scripts/publish.sh:88
Resource type | Declared permission | Inferred permission | Status | Evidence
Command execution | NONE | WRITE | ✗ exceeds declaration | All scripts use bash for execution
File system | NONE | READ | ✗ exceeds declaration | Scripts read local files and package.json
Network access | NONE | READ | ✗ exceeds declaration | clawhub inspect/install/publish commands make API calls
External URL findings: 11

Severity | Type | URL | Location
Medium | External URL | https://img.shields.io/badge/License-MIT-yellow.svg | README.md:3
Medium | External URL | https://opensource.org/licenses/MIT | README.md:3
Medium | External URL | https://clawhub.com | README.md:187
Medium | External URL | https://semver.org/ | references/best-practices.md:25
Medium | External URL | https://www.conventionalcommits.org/ | references/best-practices.md:460
Medium | External URL | https://www.shellcheck.net/ | references/best-practices.md:461
Medium | External URL | https://pep8.org/ | references/best-practices.md:462
Medium | External URL | https://api.clawhub.com) | references/clawhub-api.md:265
Medium | External URL | https://custom-api.clawhub.com | references/clawhub-api.md:268
Medium | External URL | https://git-scm.com/doc | references/git-workflow.md:352
Medium | External URL | https://clawhub.com/skills/$SLUG | scripts/publish.sh:155

Directory structure

12 files · 42.1 KB · 1989 lines
Markdown: 5 files, 1377 lines · Shell: 5 files, 582 lines · JSON: 2 files, 30 lines
├─ 📁 references
│ ├─ 📝 best-practices.md Markdown 462L · 8.0 KB
│ ├─ 📝 clawhub-api.md Markdown 299L · 5.1 KB
│ └─ 📝 git-workflow.md Markdown 355L · 6.1 KB
├─ 📁 scripts
│ ├─ 🔧 check-existing.sh Shell 70L · 1.8 KB
│ ├─ 🔧 compare-versions.sh Shell 141L · 3.8 KB
│ ├─ 🔧 config.sh Shell 22L · 977 B
│ ├─ 🔧 publish.sh Shell 173L · 4.6 KB
│ └─ 🔧 update.sh Shell 176L · 5.0 KB
├─ 📋 config.example.json JSON 6L · 167 B
├─ 📋 package.json JSON 24L · 705 B
├─ 📝 README.md Markdown 194L · 4.2 KB
└─ 📝 SKILL.md Markdown 67L · 1.8 KB

Security highlights

✓ No credential theft - does not access ~/.ssh, ~/.aws, or other sensitive credential paths
✓ No data exfiltration - all network traffic is to legitimate clawhub.com API
✓ No obfuscation - all code is plain shell scripts without base64 or encoded payloads
✓ No reverse shell or C2 communication
✓ No remote script execution via curl|bash or wget|sh
✓ External dependencies (clawhub CLI) are from a legitimate package manager
✓ Scripts have proper error handling and exit codes
✓ User-interactive prompts before sensitive operations